Interview Questions Flashcards

1
Q

What is Cryptography?

A

Cryptography is the practice and study of techniques for securing information and communication mainly to protect the data from third parties that the data is not intended for.

2
Q

What is the difference between Symmetric and Asymmetric encryption?

A

Symmetric:
* Same key for encryption/decryption
* Fast but vulnerable
* Algorithms: DES, 3DES, AES, RC4
* Used for bulk data transmission

Asymmetric:
* Different keys (one public and one private)
* Slower due to high computation
* Algorithms: Diffie-Hellman, RSA
* Often used for securely exchanging secret keys.

3
Q

What is the difference between IDS and IPS?

A

An IDS only detects the threat, whereas an IPS can prevent the threat.

4
Q

Explain the CIA triad

A

Confidentiality, Integrity, and Availability

Confidentiality - Making sure only authorized users have access to the data

Integrity - Making sure the data is trustworthy and free from tampering

Availability - Making sure data is available to end users when it's needed

5
Q

How is Encryption different from Hashing?

A

Both convert data into an unreadable format, but encrypted data can be converted back to its original form.

6
Q

What is a firewall and why is it used?

A

A firewall is a security system or host-based tool that monitors and controls network traffic. Firewalls are used to protect the system/network by monitoring incoming/outgoing network traffic and deciding whether to allow or deny specific traffic based on a defined set of rules.

7
Q

What is the difference between Vulnerability Assessment and Penetration Testing?

A

Vulnerability testing is the process of finding vulnerabilities in order to patch/fix them. Usually this is done by a tool with the correct credentials in order to log into the system.

Penetration Testing is the process of finding and exploiting vulnerabilities in order to see if the testers can get past the security tools in place.

8
Q

What is a three-way handshake?

A

A method used in a TCP/IP network to create a connection between a host and a client.

The steps are:
1. The client sends a SYN (synchronize) packet to the server in order to request establishing communication
2. The server responds with a SYN-ACK if it accepts the communication
3. The client acknowledges the server's response and sends an ACK (acknowledgement) packet back to finish the handshake.

9
Q

Explain SSL Encryption

A
  1. A browser tries to connect to the webserver secured with SSL
  2. The browser sends a copy of its SSL certificate to the browser
  3. The browser checks if the SSL certificate is trustworthy or not. If it is trustworthy, then the browser sends a message to the web server requesting to establish an encrypted connection
  4. The web server sends an acknowledgment to start an SSL encrypted connection
  5. SSL encrypted communication takes place between the browser and the web server
10
Q

How to secure a server

A
  1. Set a secure password for root and admin accounts
  2. Make new accounts that will be used for managing the system and secure them.
  3. Remove remote access from root/admin accounts
  4. Configure the firewall and iptables (if Linux)
  5. Close unused ports
11
Q

Explain the types of data leakage

A
  • Accidental Breach - unintentionally sending data to an unauthorized person
  • Intentional breach - authorized entity sends data to an unauthorized entity on purpose
  • System Hack/Breach - Hacking techniques are used to cause data leakage
12
Q

What are the OSI layers

A
  1. Application Layer
  2. Presentation Layer
  3. Session Layer
  4. Transport Layer
  5. Network Layer
  6. Data Link Layer
  7. Physical Layer - Responsible for transmission of digital data
13
Q

What is a VPN?

A

Virtual Private Network - It is used to create a safe and encrypted connection. Data from the client is encrypted, and before it gets to the server it gets decrypted.

14
Q

What is Risk, Vulnerability, and Threat?

A
  • Threat - Someone with the potential to harm a system or organization
  • Vulnerability - Weakness in a system that can be exploited by a potential threat
  • Risk - Potential loss or damage when a threat exploits a vulnerability
15
Q

Difference between Black hat, White hat, and Gray Hat

A

Black Hat - Hackers that normally have the intent to do harm to an individual or company by stealing data, sabotaging websites, or disrupting communications.

White Hat - Hackers that are hired to attempt to break into a company in order to find and fix vulnerabilities and security holes.

Gray Hat - A mixture between White and Black hat hackers. They normally look for vulnerabilities without permission but then report them to a company's bug bounty program for rewards.

16
Q

Explain MITM attack (Man in the Middle Attack)

A

An attack type where the attacker places themselves in the middle of a conversation, which gives them the ability to listen in and steal information. This can also be used to impersonate someone.

17
Q

Explain DDOS and how to prevent it

A

DDOS - Distributed Denial of Service is a cyberattack

Prevention
* Load Balancers
* Anti-DDOS services
*

18
Q

Explain XSS and how to prevent it

A

XSS - A cyberattack that enables hackers to inject malicious client-side scripts into web pages. Can be used to hijack sessions and steal cookies, modify the DOM, remote code execution, crash the server, etc.

Prevention
* Validate user inputs
* Sanitize user inputs
* Encode special characters
* Anti-XSS services/tools
* XSS HTML Filter

19
Q

What is an ARP and how does it work?

A

ARP - Address Resolution Protocol is a protocol for mapping an IP address to a physical machine.

When a packet arrives on the network the gateway asks the ARP program to find a MAC address that matches the IP address. The ARP cache keeps a list of each IP address and its matching MAC address.

If the IP is not on the list, then an ARP request is sent out to the network to ask which device has which MAC address and IP.

20
Q

Explain SSL and TLS

A

SSL -

21
Q

What is 2FA

A

Multi-factor Authentication - Requiring another form of verification such as a physical token or a code that is sent via text, phone call, email, or a 2FA authenticator app.

22
Q

Explain SQL injection and how to prevent it

A

SQL Injection - a code injection attack where an attacker manipulates the data being sent to the server to execute malicious SQL statements to control a web application's DB server, which would allow them to access, modify, or delete data.

Prevention:
* Use prepared statements
* Use Stored Procedures
* Validate User Input

23
Q

What is Port Scanning?

A

A method of determining which ports on a network are open and could be receiving or sending data. It is also a process for sending packets to specific ports on a host and analyzing responses to identify vulnerabilities.
